Date: Mon, 11 Mar 2013 19:25:00 -0000
From: Jan Kratochvil
To: Hui Zhu
Cc: gdb-patches ml, Joel Brobecker
Subject: Re: [PATCH] Fix gdb crash with tui
Message-ID: <20130311192521.GA28983@host2.jankratochvil.net>

On Sat, 09 Mar 2013 15:13:34 +0100, Hui Zhu wrote:
> I got crash when I use tui. The steps to reproduce is:
> gdb gdb
> b gdb_main
> r
> Ctrl-x A change to TUI mode.
> Keep click some times.
> Keep click some times.
> Then you can get "---Type to continue, or q to quit---"
> Click .
> Then the GDB crash.
>
> I think this issue is this part should not output "---Type to
> continue, or q to quit---".

The patch is really not acceptable; there may be some memory corruption which
only gets hidden by the patch.

I do not get a crash and not even that prompt. Could you provide a backtrace?
Or even run the parent GDB under valgrind?

When I ran it under valgrind I got:

==22920== Source and destination overlap in strcpy(0xefbaed0, 0xefbaed0)
==22920==    at 0x4C2B322: strcpy (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==22920==    by 0x653E33: tui_set_source_content (tui-source.c:225)
==22920==    by 0x6582C3: tui_update_source_window_as_is (tui-winsource.c:99)
==22920==    by 0x658276: tui_update_source_window (tui-winsource.c:81)
==22920==    by 0x654E47: tui_show_frame_info (tui-stack.c:406)
==22920==    by 0x659ABF: tui_enable (tui.c:423)

With the debug hook below showing strcpy(sameptr,sameptr).

Couldn't this patch (best without the 3rd debug hunk) fix your problem?
But maybe it is really unrelated.

Thanks, Jan gdb/ 2013-03-11 Jan Kratochvil * tui/tui-source.c (tui_set_source_content): Allocate and free SRC_LINE always. diff --git a/gdb/tui/tui-source.c b/gdb/tui/tui-source.c index e599382..41e7aa6 100644 --- a/gdb/tui/tui-source.c +++ b/gdb/tui/tui-source.c @@ -116,9 +116,7 @@ tui_set_source_content (struct symtab *s, src->gdbarch = get_objfile_arch (s->objfile); src->start_line_or_addr.loa = LOA_LINE; cur_line_no = src->start_line_or_addr.u.line_no = line_no; - if (offset > 0) - src_line = (char *) xmalloc ( - (threshold + 1) * sizeof (char)); + src_line = xmalloc (threshold + 1); while (cur_line < nlines) { struct tui_win_element *element @@ -128,10 +126,6 @@ tui_set_source_content (struct symtab *s, /* Get the first character in the line. */ c = fgetc (stream); - if (offset == 0) - src_line = ((struct tui_win_element *) - TUI_SRC_WIN->generic.content[ - cur_line])->which_element.source.line; /* Init the line with the line number. */ sprintf (src_line, "%-6d", cur_line_no); cur_len = strlen (src_line); @@ -222,9 +216,20 @@ tui_set_source_content (struct symtab *s, /* Now copy the line taking the offset into account. */ if (strlen (src_line) > offset) +{ +char *a=((struct tui_win_element *) + TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line; +char *b=&src_line[offset]; +size_t l=strlen(b)+1; +if (a==b +||(ab) +||(ba) +) +sleep(0); strcpy (((struct tui_win_element *) TUI_SRC_WIN->generic.content[cur_line])->which_element.source.line, &src_line[offset]); +} else ((struct tui_win_element *) TUI_SRC_WIN->generic.content[ @@ -232,8 +237,7 @@ tui_set_source_content (struct symtab *s, cur_line++; cur_line_no++; } - if (offset > 0) - xfree (src_line); + xfree (src_line); fclose (stream); TUI_SRC_WIN->generic.content_size = nlines; ret = TUI_SUCCESS;
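
Review bot: In the @@ -128,10 +126,6 @@ hunk, dropping the `if (offset == 0)` assignment means the line is no longer built in place in `which_element.source.line` but in the `threshold + 1` byte scratch buffer, and then copied by the later `strcpy`. The destination therefore has to hold `threshold + 1` bytes in the offset 0 case as well, and the patch does not show where that destination is sized; please confirm it, or bound the copy explicitly.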
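
Review bot: The block added in the @@ -222,9 +216,20 @@ hunk is debug scaffolding and should be dropped before commit, as the message itself suggests: it is unindented, it uses `sleep(0)` only as a breakpoint anchor, and the condition lines `||(ab)` and `||(ba)` do not compile as they appear here. If an overlap check is worth keeping, turn it into a `gdb_assert` over the two ranges using the already computed `l`.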
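
Review bot: In the @@ -232,8 +237,7 @@ hunk the unconditional `xfree (src_line)` pairs with the unconditional `xmalloc` from the first hunk only on the fall-through path after the `while` loop. If anything between the two can leave the function early, the buffer now leaks on every call rather than only when `offset > 0`. Please check the loop body, which the hunks do not show in full, and state the ownership of `src_line` in a comment next to the allocation.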
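
The aliasing that valgrind reports in the message above, reproduced in stand-alone C as an added example (not part of the original message and not GDB code). `copy_source_line` is a hypothetical stand-in for the copy step of `tui_set_source_content`: `always_alloc == 0` models the old code, where the scratch pointer aliases the destination at offset 0, and `1` models the always-allocate behaviour of the patch; `ranges_overlap` is likewise an assumed helper.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if [dst, dst+n) and [src, src+n) share a byte.  Compared as integers,
   since ordering pointers into different objects is undefined in C.  */
static int
ranges_overlap (const void *dst, const void *src, size_t n)
{
  uintptr_t d = (uintptr_t) dst, s = (uintptr_t) src;

  if (n == 0)
    return 0;
  return d < s ? s - d < n : d - s < n;
}

/* Hypothetical stand-in for the copy step of tui_set_source_content.
   DEST must hold THRESHOLD + 1 bytes.  ALWAYS_ALLOC == 0 models the old
   code (scratch aliases DEST when OFFSET is 0); 1 models the patched code.
   Returns 1 if the final strcpy would overlap (copy skipped), 0 if the
   copy was done, -1 on allocation failure.  */
int
copy_source_line (char *dest, size_t threshold, size_t offset,
                  const char *text, int always_alloc)
{
  int own = always_alloc || offset > 0;
  char *src_line = own ? malloc (threshold + 1) : dest;
  int overlap = 0;

  if (src_line == NULL)
    return -1;
  /* Line number first, as in the original sprintf ("%-6d"); 1 is a
     constructed sample line number.  */
  snprintf (src_line, threshold + 1, "%-6d%s", 1, text);

  if (strlen (src_line) > offset)
    {
      const char *from = &src_line[offset];

      overlap = ranges_overlap (dest, from, strlen (from) + 1);
      if (!overlap)
        strcpy (dest, from);
    }
  else
    dest[0] = '\0';
  if (own)
    free (src_line);
  return overlap;
}
```
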